Yiping,

Yes, you can have a non-iptables setup. Most of the enterprise
installations don't rely on CloudStack's iptables, routing or VPC
features and prefer to use existing physical firewalls and VLAN isolation.

If you have VLANs, but don't want to use the iptables that comes through the
virtual router, look into CloudStack Advanced Zone Setup with Shared Network
Functionality.

In this case, you only leverage DHCP, userdata and DNS (optional). You
can create your own network offerings and bind the network to the "non-vpc
shared network" offering. DHCP at this point in time is required.
Userdata and DNS can be optional. You can choose to use your own
in-house DNS and not route DNS queries through the CloudStack virtual router
(you would need to create a custom network offering, which is a few clicks
in the UI).

You can also bypass userdata and serve your own userdata through
external userdata services; you would need to write something on your
end to support it.

Regards
ilya

On 6/9/14, 12:02 PM, Yiping Zhang wrote:

Hi, all:

I am trying different network setups in my CloudStack eval effort, and I am
wondering if CS can be configured to not use iptables at all, given that my
intended goal is for a private cloud dedicated to my own company, in our own
datacenter and all our networks are behind our own hardware-based firewalls
already?

If I can stop iptables on all system VMs, hypervisors and management servers,
then it would be much easier to troubleshoot my setups and accelerate the
eval process.

Thanks,
Yiping